Security question regarding root email
Peter Gordon
admin at ramshacklestudios.com
Sun Jan 1 20:33:07 UTC 2006
On Sun, 2006-01-01 at 15:37 +0200, Dotan Cohen wrote:
> --------------------- httpd Begin ------------------------
> Requests with error response codes
> 404 Not Found
> /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1 Time(s)
> /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
> /favicon.ico: 32 Time(s)
> /javascript/HM_Arrays.js: 1 Time(s)
> /javascript/HM_ScriptDOM.js: 1 Time(s)
> /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
> /php/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
> ---------------------- httpd End -------------------------
> [...]
> --------------------- httpd Begin ------------------------
> Requests with error response codes
> 403 Forbidden
> /cgi-bin/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
> /cgi-bin/awstats/awstats.pl?configdir=|ech ... cho%20YYY;echo|: 1 Time(s)
> 404 Not Found
> /Forums/admin/admin_styles.php?phpbb_root_ ... cho%20YYY;echo|: 1 Time(s)
> /Forums/admin/admin_styles.phpadmin_styles ... cho%20YYY;echo|: 1 Time(s)
> /admin_styles.phpadmin_styles.php?phpbb_ro ... cho%20YYY;echo|: 1 Time(s)
> /awstats/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
> /blog/xmlrpc.php: 2 Time(s)
> /blog/xmlsrv/xmlrpc.php: 2 Time(s)
> /blogs/xmlsrv/xmlrpc.php: 2 Time(s)
> /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1 Time(s)
> /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
> /drupal/xmlrpc.php: 2 Time(s)
> /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
> /modules/Forums/admin/admin_styles.php?php ... cho%20YYY;echo|: 1 Time(s)
> /modules/Forums/admin/admin_styles.phpadmi ... cho%20YYY;echo|: 2 Time(s)
> /modules/coppermine/themes/default/theme.p ... cho%20YYY;echo|: 2 Time(s)
> /php/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
> /phpgroupware/xmlrpc.php: 2 Time(s)
> /wordpress/xmlrpc.php: 2 Time(s)
> /xmlrpc.php: 4 Time(s)
> /xmlrpc/xmlrpc.php: 2 Time(s)
> /xmlsrv/xmlrpc.php: 2 Time(s)
> ---------------------- httpd End -------------------------
As I recall, these are attempts to hijack your server using a variant of
the Luper worm that was going around a few months back. You seem to be
running SELinux though, so you probably shouldn't be worried, as the
default targeted and strict policies of Fedora Core 3 and 4 protect
against it. :-)
--
Peter Gordon (codergeek42)
GnuPG Public Key: 0xDA3634D7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060101/dca26b9a/attachment-0001.sig>
More information about the fedora-list
mailing list